Robust planning is proving paramount for creating cyber strategies that mitigate risk and drive business value.
NEW YORK, NY, US, 06 December 2022— Today, Deloitte released its 2023 Global Future of Cyber survey, which found that cyber is more than just technology-focused—it is foundational to an organization’s growth strategy. This year’s report polled more than 1,000 leaders across 20 countries—Deloitte Global’s largest cyber survey to-date—to get a clearer picture of where cyber stands and where cyber is going.
With 91% of organizations reporting at least one cyber incident in the past year—up 3% from last year—56% of respondents report that they suffered related consequences to a moderate or large extent. However, as the threat grows, so does the case for cyber investment as a growth enabler, with 86% of cyber decision-makers saying their focus on cyber has made a significant, positive contribution to business.
"This year’s report shows how cyber is now woven more tightly into business operations, outcomes, and opportunities. Chief information security officers (CISOs) are most successful when they are connectors across their organization, focused on enabling their organization’s highest business priorities,” says Emily Mossburg, Deloitte Global Cyber Leader. "Cyber has become an enabler for business and embedding it into all business practices has shown nothing but success. Advancing cyber will only become more critical as the global economy faces a potential downturn and businesses navigate a looming recession."
Understanding cyber maturity and identifying high-performing cyber organizations are critical in setting the stakes for other organizations. By separating high-cyber-maturity organizations from their medium- and low-cyber-maturity counterparts, the report identifies a distinct class of cyber leaders and more fully demonstrates the extent to which cyber underpins business success and value.
To define cyber maturity, Deloitte identified three sets of leading practices to rate organizations—cyber planning, key cyber activities, and board involvement. The report segments the organizations into three groups—low-, medium-, and high-cyber-maturity—by assigning point values to each set of leading practices.
The key findings of this report exemplify why the incorporation of cyber initiatives throughout business processes can enable growth and achieve cyber maturity.
Global industries continue to navigate constant disruption propelling leaders to adjust their priorities and business initiatives to consider the latest technologies, while also working with extended ecosystems to develop solutions—including data protection and privacy, cyber cloud, infrastructure security, and application security.
Cyber planning and talent can bring innovative solutions that support future business models and identify unforeseen challenges.
“With cyber threats growing and advancing around the globe, there is no architecture or approach that can guarantee absolute security and risk mitigation,” adds Mossburg. “We’re now seeing cyber transcend its traditional IT roots and become an essential part of future-proofing businesses—which will be critical in the year ahead as digital transformation continues to be a top investment.”
The report has highlighted why organizations need to invest in key areas throughout the business to increase cyber efficiency in 2023. To enable growth, organizations need to focus on hiring and developing the right cyber talent, executing thorough digital planning, and partnering with extended ecosystems, all while incorporating cyber into strategic business initiatives.
For more information, please visit: www.deloitte.com/2023futureofcyber
Deloitte designed its 2023 Global Future of Cyber Survey based on the complexity of today's business and technology landscape, focusing on the needs of enterprise leaders who may recognize the importance of cyber yet struggle to harness its value. Deloitte based its research on a survey of more than 1,000 cyber decision-makers at the director level or higher (C-suite executives and C-suite direct reports), across 20 countries and 6 industries limited to organizations with at least 1,000 employees and $500 million USD in annual revenue.